WhisperPair lets attackers track, eavesdrop on Bluetooth headsets

A new set of attacks called WhisperPair can hijack Bluetooth audio accessories using Google Fast Pair, allowing attackers to take full device control, eavesdrop and track user's location. Accessories of Sony, Jabra, JBL, Marshall, Xiaomi, Nothing, OnePlus, Soundcore, Logitech and Google are affected by it. The vulnerability arises from Fast Pair not checking if devices are in pairing mode.